When the execs were asked what their organizations are looking to do to secure personal devices used at work, data encryption was the number 1 response. MDM was number 2, which, according to Eric Westerlind, the report's author, is telling. Since the use of encryption is already widespread, the high interest in MDM is promising, Westerlind says.

"[Providers] are concerned with making sure tablets are secure, and it's difficult because it's a personal device," he says. "Whatever they install can't be too intrusive, and sometimes that can be an issue with MDM. But when you're dealing with patient information, anything that contains data covered by HIPAA needs to be secured, and those devices need to be able to be wiped clean."

Ken Kleinberg, a health IT consultant with the Advisory Board, told InformationWeek Healthcare that the operating systems of mobile devices have more robust security features than the legacy Windows systems found in hospitals. But he emphasizes that hospitals need strong BYOD security policies, including mobile application management tools. "It's not just that you're going to control the configuration on the device; you're also going to control what application can be loaded on that device," he says.

A hospital's IT organization can give doctors a list of the applications it has vetted, Kleinberg notes. If a doctor wants to use a document reader, for instance, the hospital might suggest one. If he wants to use a dosing calculator, it might suggest three apps and make them available on its application server.

During interviews with several IT pros, it became obvious that when the conversation turns to MDM, one size doesn't fit all. Rather than choose an MDM product, Beth Israel Deaconess Medical Center has for now "settled on enforcing tight security policies through Exchange ActiveSync," says BIDMC CIO John Halamka. "It is highly likely we are capturing most, if not all, BYODs that access BIDMC resources, as email is by far the most frequently used application," Halamka says. "We really do not have other applications that have been customized to run on smartphones and tablets. Our applications are native to the Web, so the ability to install and manage mobile applications is not something we've encountered as a problem yet."

The industry will never get to your proposed "tested/trusted platform". A totally secure device is a virtual impossibility. With the exception of one that is never used...

SSL and IPsec at their core are secure technologies when implemented correctly. Otherwise, they would not be in such wide use.

The problem is that hackers can find other ways to compromise a device and eventually take it over. If that happens, then no amount of security technology will help you.

To sum up, mobile devices are now and will continue to be used in our world. We just have to be vigilant in how we provision and use them and know when to raise our hands when things go terribly wrong that we cannot ourselves handle.

It seems that even with your safeguards of SSL and IPsec (which both have their flaws and can be hacked/bypassed) and using RDP to access information, you're still at risk simply because of the mobile platform. One good example of this would be phones with NFC which can be infected by a known exploit to Android (as shown at Black Hat hacking conference this year) and other known exploits to various mobile OSes. Sure there's no data on the mobile device, but if you have control of the device then you have access to the remote data while logged in through that device. There's also the very real possibility of stealing the device and gaining temporary access until the access is turned off. For the most part, BYOD and mobile devices should stay away from medical records in my opinion... at least until there is a tested/trusted platform. The risks are too high, and the data is simply too valuable.

Well, for one thing, you cannot avoid public wireless networks altogether. That would preclude your mobile users from accessing some resources necessary to do their jobs. What you must do, then, is to secure everything using VPN connections, whether SSL or IPsec.

Our larger clients are mostly in the medical field. So, we run all data-critical apps internally on servers using RDP over VPN connections. No data hits the mobile devices that way. MDM is mostly via Microsoft management apps and EAS.

MDM is an area that needs a great deal of work to build a platform that can uniformly and securely manage the plethora of devices out in the field. A vendor that succeeds here will make a ton of money.

Absolutely, I agree: an IT administrator must have access to and control over BYOD devices accessing the corporate network. I also believe BYOD employees must access corporate resources over a secured tunnel and avoid public wireless networks to maintain data integrity.

How are you managing BYOD devices in your org? Which MDM solution do you use? What are the key points you like about your BYOD program?

Re-read my comments and you will see that I said nothing about dumping BYOD. My point was "who is really in control here". You cannot control an employee's smartphone choice (and by extension other devices). But you can control whether (or not) they are allowed to connect to your internal network.

It makes zero sense to just let any device access your network without you being in control of it. Now does it?

BYOD is not a mistake, and network security is also very important. But for the sake of the latter, one does not need to dump BYOD. It would be an inappropriate call, as you really cannot control your employees' smartphone use. Instead of staying in the dark, IT must wake up and deploy mobile device management solutions to push some management controls on these mobile devices.

Also, I think it's more apt to tell your employees that X set of devices is supported and Y is not. This way you listen to them and they will listen to you.

BYOD provides a great deal of flexibility in the types of endpoint devices that make their way into the hands of users. However, we seem to be allowing this movement to "wag the dog" so to speak.

It is a huge mistake to allow BYOD to supersede the absolute requirement to protect and secure internal systems and the data they contain. Sometimes an end user will just have to be told... NO, not right now... and accept it.
